On Jul 30, 2012, at 8:21 AM, Poul-Henning Kamp wrote:
> In message <5016A3C5.2030708@mozilla.com>, patrick mcmanus writes:
>
>> I mean that HTTP/2 must be secure against (at least) passive
>> eavesdropping attacks at all times.
>
> Pardon me for being a bit blunt: You and what army ?
Him and all the proponents of SPDY (I'm not one of them).
> I can understand if you insist that _your_ website can always
> be protected if you desire that.
If not all HTTP has TLS, then an active attacker can lead viewers to a lookalike website, so _his_ website (or rather, his users) is not protected against active attackers.
> But I utterly fail to see what mandate you have to insist that some
> random 3rd party must protect their website at all times, contrary
> to their own wishes, and in particular when they may be legally
> prevented from doing so by applicable regulations.
+1
Additionally, TLS requires the client to check revocation of the server certificate. Some browsers don't, but that's beside the point. Checking revocation involves fetching either a CRL or an OCSP response, and they are typically fetched over HTTP. If HTTP has to have TLS we have a bootstrap problem, unless checking revocation is relegated back down to HTTP/1.0.
If we're only interested in preventing passive attacks, then we don't really need to check revocation, but then what of websites that do care about active attacks? They do need to fetch revocation data, so are you going to have them fetch it over insecure TLS?
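As an added illustration of the bootstrap problem raised in the message above (this is example code written for this page, not something from the thread or from any browser or CA), the following Python models the dependency chain a client would have to follow. Every hostname and URL in it is constructed; `REVOCATION_URLS`, `plan_revocation_check` and `affected_hosts` are hypothetical names. The model works through the general case: a revocation URL that is already `https://` pulls in the responder's certificate even without a TLS mandate, and a mandate that all HTTP fetches use TLS turns every plain-HTTP CRL/OCSP pointer into a self-referential chain.

```python
from urllib.parse import urlparse

# Constructed sample data (hypothetical hosts; no real CA or URL is implied):
# for each host, the URL its certificate names for revocation data, i.e. a
# CRL distribution point or an OCSP responder.
REVOCATION_URLS = {
    "www.example.test": "http://ocsp.ca.test/",
    # The responder's own TLS certificate points back at the same responder.
    "ocsp.ca.test": "http://ocsp.ca.test/",
    # A site whose certificate already names an https:// responder.
    "www.https-ocsp.test": "https://ocsp2.ca.test/",
    "ocsp2.ca.test": "http://ocsp2.ca.test/",
}


def plan_revocation_check(host, tls_required):
    """Return the ordered list of hosts whose certificates must be validated
    before `host`'s revocation status can be fetched, or None when the chain
    loops back on itself (the bootstrap problem).

    tls_required=True models a rule that every HTTP fetch, including the
    CRL/OCSP fetch itself, must go over TLS.
    """
    chain = []
    current = host
    while True:
        if current in chain:
            # Validating `current` requires `current` to be validated first.
            return None
        chain.append(current)
        url = REVOCATION_URLS.get(current)
        if url is None:
            # No revocation pointer in the certificate: nothing more to fetch.
            return chain
        parsed = urlparse(url)
        fetch_over_tls = parsed.scheme == "https" or tls_required
        if not fetch_over_tls:
            # A plain-HTTP fetch needs no further certificate validation.
            return chain
        # The fetch is over TLS, so the responder's certificate must be
        # validated, which means checking *its* revocation status too.
        current = parsed.hostname


def affected_hosts(tls_required):
    """Hosts whose revocation check can never complete under the given policy."""
    return sorted(
        host for host in REVOCATION_URLS
        if plan_revocation_check(host, tls_required) is None
    )


if __name__ == "__main__":
    for policy in (False, True):
        print(f"TLS required for all fetches: {policy}")
        for host in REVOCATION_URLS:
            plan = plan_revocation_check(host, policy)
            status = "unresolvable (cycle)" if plan is None else " -> ".join(plan)
            print(f"  {host}: {status}")
        print(f"  hosts stuck in the bootstrap cycle: {affected_hosts(policy)}")
```

Run as a script, the model shows no cycle for any host when revocation data may travel over plain HTTP, one extra hop for the site whose certificate already names an `https://` responder, and a cycle for every host once the TLS-everywhere rule is applied, which is the situation the message describes.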